GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering
5 hours ago
- #APK Decompilation
- #Android Reverse Engineering
- #API Extraction
- A Claude Code skill for decompiling Android APK/XAPK/JAR/AAR files to extract HTTP APIs (Retrofit, OkHttp, hardcoded URLs, authentication patterns) without original source code.
- Uses tools like jadx and Fernflower/Vineflower for decompilation, supporting side-by-side comparison and handling obfuscated code from ProGuard/R8.
- Traces call flows from Activities/Fragments through ViewModels/repositories to HTTP calls and analyzes app structure (manifest, packages, architecture patterns).
- Requires Java JDK 17+ and jadx, with optional Vineflower/Fernflower and dex2jar for better decompilation of complex or APK/DEX files.
- Installation via plugin marketplace or git clone, with activation triggered by phrases like 'Decompile this APK' or 'Extract API endpoints from this app'.
- Includes standalone scripts for dependency checks, installation, decompilation (with engine options), and API call finding (e.g., Retrofit endpoints, URLs).
- Plugin structure organized with documentation, reference guides, and scripts, emphasizing lawful use for security research, malware analysis, and education under Apache 2.0 license.